On Fri, 2 May 2003 03:23 pm, Hanasaki JiJi wrote:
> The internal network has ECN on. A few ports are NATed going out. Is
> there an iptables rule that will turn off ECN as ports are going out
> through the firewall?
Haven't actually done this myself, but it's definitely possible according to
the iptables man page:
===
ECN
This target allows to selectively work around known ECN blackholes. It
can only be used in the mangle table.
--ecn-tcp-remove
Remove all ECN bits from the TCP header. Of course, it can only
be used in conjunction with -p tcp.
===
Something like:
iptables -t mangle -I FORWARD -o $EXTERNAL_INTERFACE -p tcp -j ECN --ecn-tcp-remove
(untested, but looks right to me)
t
--
GPG : http://n12turbo.com/tarragon/public.key
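
An added illustration, not part of the original message and not the kernel's code: what "remove all ECN bits from the TCP header" means for an ECN-setup SYN, i.e. clearing the ECE and CWR flags (RFC 3168) and patching the TCP checksum incrementally (RFC 1624). Addresses, ports and helper names are constructed for the example.

```python
import struct

ECE, CWR = 0x40, 0x80  # TCP flag bits used by ECN (RFC 3168)

def csum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo(src: bytes, dst: bytes, seg_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum."""
    return src + dst + struct.pack("!BBH", 0, 6, seg_len)

def strip_ecn(tcp: bytes) -> bytes:
    """Clear ECE/CWR and fix the checksum without recomputing it."""
    old_word, = struct.unpack_from("!H", tcp, 12)  # data offset + flags
    new_word = old_word & ~(ECE | CWR) & 0xFFFF
    if new_word == old_word:
        return tcp  # no ECN bits set, nothing to do
    old_sum, = struct.unpack_from("!H", tcp, 16)
    # RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')
    s = (~old_sum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    out = bytearray(tcp)
    struct.pack_into("!H", out, 12, new_word)
    struct.pack_into("!H", out, 16, ~s & 0xFFFF)
    return bytes(out)

def make_syn(src: bytes, dst: bytes, flags: int) -> bytes:
    """Build a constructed 20-byte TCP SYN with a valid checksum."""
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0,
                      (5 << 12) | flags, 64240, 0, 0)
    c = csum(pseudo(src, dst, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", c) + hdr[18:]

# Constructed sample: documentation-range addresses, ECN-setup SYN.
SRC, DST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
ECN_SYN = make_syn(SRC, DST, 0x02 | ECE | CWR)
STRIPPED = strip_ecn(ECN_SYN)

if __name__ == "__main__":
    for name, seg in (("before", ECN_SYN), ("after", STRIPPED)):
        flags = struct.unpack_from("!H", seg, 12)[0] & 0xFF
        print(name, f"flags=0x{flags:02x}", "checksum ok:",
              csum(pseudo(SRC, DST, len(seg)) + seg) == 0)
```

With the flags cleared on the outgoing SYN, the remote end sees an ordinary SYN and ECN is not negotiated for that connection.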